netstat is an operating system utility that displays active TCP connections, listening ports, and network statistics. [1]

ID: S0104
Type: TOOL
Version: 1.1
Created: 31 May 2017
Last Modified: 12 October 2022

Techniques Used

Domain ID Name Use
Enterprise T1049 System Network Connections Discovery

netstat can be used to enumerate local network connections, including active TCP connections and other network statistics.[1]

Groups That Use This Software

ID Name References


G0010 Turla


G0027 Threat Group-3390


G0071 Orangeworm


G0049 OilRig


G0096 APT41


G0004 Ke3chang


G0018 admin@338



ID Name Description
C0007 FunnyDream


C0014 Operation Wocao

During Operation Wocao, threat actors used netstat to identify specific ports.[13]